OpenLDAP(2.4.3x)服务器搭建及配置说明

阅读量：791 次

发布时间：2023-02-24

本文共 3024 字，大约阅读时间需要 10 分钟。

??OpenLDAP?BerkeleyDB

????

??OpenLDAP?BerkeleyDB???????????????

?????Ubuntu 14.04.1 (trusty) ? CentOS 7.x

???????build-essential?libssl-dev

???????50MB??????????

????

1. ??????

# ??apt-get??build-essential???
sudo apt-get install build-essential
sudo apt-get install libssl-dev

2. ?????BerkeleyDB

# ???????
cd /usr/local/src
# ??BerkeleyDB??
wget http://download.oracle.com/berkeley-db/db-5.1.29.NC.tar.gz

?????BerkeleyDB?

tar -zxf db-5.1.29.NC.tar.gz
cd db-5.1.29.NC/build_unix/
../dist/configure --prefix=/usr/local/berkeleydb-5.1
make
make install

????????--prefix?????BerkeleyDB?????????/usr/local/berkeleydb-5.1?

3. ??OpenLDAP

# ??OpenLDAP?????
cd /usr/local/src
wget http://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.31.tgz

?????OpenLDAP?

tar -zxf openldap-2.4.31.tgz
cd openldap-2.4.31

?configure????CPPFLAGS?LDFLAGS??BerkeleyDB????

CPPFLAGS="-I/usr/local/berkeleydb-5.1/include" \
LDFLAGS="-L/usr/local/berkeleydb-5.1/lib" \
./configure --prefix=/usr/local/openldap-2.4
make depend
make
make install

4. ??????

?/etc/profile?/etc/bash.bashrc????????

export BERKELEYDB_HOME="/usr/local/berkeleydb-5.1"
export CPPFLAGS="-I$BERKELEYDB_HOME/include"
export LDFLAGS="-L$BERKELEYDB_HOME/lib"
export LD_LIBRARY_PATH="$BERKELEYDB_HOME/lib"
export LDAP_HOME="/usr/local/openldap-2.4"
export PATH="/usr/local/berkeleydb-5.1/bin:$LDAP_HOME/bin:$LDAP_HOME/sbin:$LDAP_HOME/libexec"

5. ??OpenLDAP??

????????

# slapd????
sudo cp slapd.conf /usr/local/openldap-2.4/etc/openldap/slapd.conf

????????????

sudo slapadd -f /usr/local/openldap-2.4/etc/openldap/slapd.conf
sudo systemctl enable slapd
sudo systemctl start slapd

6. TLS??????

????SSL/TLS???????????

??CA??????

# ??CA???????
mkdir /etc/ssl/demoCA
cd /etc/ssl/demoCA
openssl genrsa -out private/cakey.pem 2048
openssl req -new -x509 -key private/cakey.pem -out cacert.pem

??LDAP??????

mkdir private
touch newcerts/index.txt serial
echo "00" > serial
openssl genrsa -out ldap.key
openssl req -new -key ldap.key -out ldap.csr
openssl ca -in ldap.csr -out ldap.crt

????????OpenLDAP?

# ??LDAP????
mkdir /usr/local/openldap-2.4/etc/openldap/cacerts
cp cacert.pem /usr/local/openldap-2.4/etc/openldap/cacerts/
cp ldap.crt /usr/local/openldap-2.4/etc/openldap/
cp ldap.key /usr/local/openldap-2.4/etc/openldap/

??slapd.conf???

# ??slapd.conf????
sudo nano /usr/local/openldap-2.4/etc/openldap/slapd.conf

??TLS???

TLSCACertificateFile /usr/local/openldap-2.4/etc/openldap/cacerts/cacert.pem
TLSCertificateFile /usr/local/openldap-2.4/etc/openldap/ldap.crt
TLSCertificateKeyFile /usr/local/openldap-2.4/etc/openldap/ldap.key

7. ??LDAP??

??ldapsearch?????

# ??TLS??
ldapsearch -x -b 'dc=mydomain,dc=net' '(objectClass=*)' -H ldaps://apptest.mydomain.net:636 -D "cn=root,dc=mydomain,dc=net" -W

8. ?????OpenLDAP

??apt-get???????

sudo apt-get install slapd ldap-utils

????????

sudo systemctl start slapd
sudo systemctl enable slapd

9. ???????

????????????????OpenLDAP?BerkeleyDB?????????????????????????slapd.conf?????????

?????????????????OpenLDAP?BerkeleyDB??????????????

转载地址：http://jdpfk.baihongyu.com/

你可能感兴趣的文章

Objective-C实现基于文件流拷贝文件(附完整源码)

查看>>

Objective-C实现多组输入（附完整源码）

查看>>

Objective-C实现字符串manacher马拉车算法(附完整源码)

查看>>

Objective-C实现字符串wildcard pattern matching通配符模式匹配算法(附完整源码)

查看>>

Objective-C实现字符串word patterns单词模式算法(附完整源码)

查看>>

Objective-C实现将彩色图像转换为负片算法(附完整源码)

查看>>

Objective-C实现将给定的 utf-8 字符串编码为 base-16算法(附完整源码)

查看>>

Objective-C实现数除以二divideByTwo算法（附完整源码）

查看>>

Objective-C实现文件的删除、复制与重命名操作实例(附完整源码)

查看>>

Objective-C实现是否为 Pythagoreantriplet 毕氏三元数组算法（附完整源码）

查看>>

Objective-C实现显示响应算法(附完整源码)

查看>>

Objective-C实现最小二乘多项式曲线拟合(附完整源码)

查看>>

Objective-C实现最快的归并排序算法(附完整源码)

查看>>

Objective-C实现最长公共子序列算法(附完整源码)

查看>>

Objective-C实现最长子数组算法(附完整源码)

查看>>

Objective-C实现最长字符串链(附完整源码)

查看>>

Objective-C实现有限状态自动机FSM(附完整源码)

查看>>

Objective-C实现极值距离算法(附完整源码)

查看>>

Objective-C实现根据cpu和磁盘序列号生成注册码( 附完整源码)

查看>>

Objective-C实现求众数（附完整源码）

查看>>